
Re: Config file weirdness



Yes, I saw that :-) but I was under the impression that the "quick"
keyword I use for all the rules stopped the rule processing at that
line, so that if it did not match any of the allow statements, then it
"fell through" to the deny rule.  However, I'll look at the examples
given :-)
Thanks everyone for the pointers.
>>> Asenchi <[email protected]> 08/27/03 09:50AM >>>
On Tuesday, Aug 26, 2003, at 18:15 US/East-Indiana, Greg Dickinson wrote:
Hello.
> # block in quick on fxp3 all
>
> However, if I uncomment the last line (block in quick...) then all
> traffic to this segment stops.  I'm specifically allowing in traffic
> from the internal LAN on ports 137-139, but it won't go through if I
> have a "default deny" rule in the bottom of the interface section, or at
> the bottom of the config file.  What have I missed?
From pf.conf(5) man page:
      For each packet processed by the packet filter, the filter rules are
      evaluated in sequential order, from first to last.
      The last matching rule decides what action is taken.
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
You need to move that to the beginning of the ruleset.  Take a look at
some rulesets before you launch yours.  Here is a great resource: 
https://solarflux.org/pf/ 
Also read these man pages:
pf.conf(5)
pfctl(8)
pf(4)
/* asenchi */
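A small Python model of the pf.conf(5) evaluation order quoted above, added here as an illustration (it is not pf itself and not any ruleset from the thread; the interface name, LAN prefix, ports and rules are constructed). It shows why a `quick` default deny at the bottom overrides an earlier non-quick pass, why the same deny moved to the top must not itself be `quick`, and how `quick` on the pass rules changes the outcome.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    iface: str      # e.g. "fxp3"
    direction: str  # "in" or "out"
    src: str        # source IPv4 address
    dport: int      # destination port

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    direction: str
    iface: str
    quick: bool = False         # stop evaluating once this rule matches
    src: Optional[str] = None   # source CIDR; None matches any source
    dports: Optional[Tuple[int, int]] = None  # inclusive range; None = any port

    def matches(self, p: Packet) -> bool:
        if (self.direction, self.iface) != (p.direction, p.iface):
            return False
        if self.src and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        return self.dports is None or self.dports[0] <= p.dport <= self.dports[1]

def evaluate(rules: List[Rule], p: Packet) -> str:
    """pf.conf(5) semantics: walk the rules first to last; the last matching
    rule decides, and a matching rule marked 'quick' ends the walk early."""
    decision = "pass"  # pf passes a packet that matches no rule at all
    for r in rules:
        if r.matches(p):
            decision = r.action
            if r.quick:
                break
    return decision

# Constructed rules in the spirit of the thread: NetBIOS 137-139 from the LAN on fxp3.
LAN = "192.168.1.0/24"
ALLOW_NB = Rule("pass", "in", "fxp3", src=LAN, dports=(137, 139))
ALLOW_NB_QUICK = Rule("pass", "in", "fxp3", quick=True, src=LAN, dports=(137, 139))
DENY_ALL = Rule("block", "in", "fxp3")                    # default deny, no quick
DENY_ALL_QUICK = Rule("block", "in", "fxp3", quick=True)  # "block in quick on fxp3 all"
RULESETS = {
    "deny_quick_last":  [ALLOW_NB, DENY_ALL_QUICK],        # last match wins: block
    "deny_first":       [DENY_ALL, ALLOW_NB],              # usual pf idiom: pass
    "allow_quick":      [ALLOW_NB_QUICK, DENY_ALL_QUICK],  # quick pass ends the walk: pass
    "deny_quick_first": [DENY_ALL_QUICK, ALLOW_NB],        # quick deny first blocks all inbound
}
```

Running `evaluate(RULESETS[name], Packet("fxp3", "in", "192.168.1.10", 139))` for each name returns block, pass, pass, block respectively; a packet from outside the LAN or to another port is blocked by every ruleset except "deny_quick_last"'s absent default for non-matching traffic is irrelevant since the deny rule still matches it.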